What are the ways to encrypt data sent from the client on standalone applications?

D

dima_horror2014-09-03 16:49:06

Android

dima_horror, 2014-09-03 16:49:06

There is some API interface, for access to the methods of which a unique key and access token are used.
If the application is of the type Client → Server → API, there are no questions. The client will never see the key and API access token, because they are stored on the server.
Question about applications of the type Client → API (for example, a mobile application or a desktop application)
What are the ways to hide the key / token from the user?
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

s1dney, 2014-09-03
@s1dney

The simplest, most logical and most importantly - effective option is to use Client → Server → API with a callback in place of Client → API.
You can pervert in different ways, but in each case, either the security of this API or the performance of the application will suffer.
For example, use one-time keys for a session, I have seen this more than once. In fact, this does not change anything, if you wish, you can steal access anyway, but the overhead is wild.

P

Push Pull, 2014-09-03
@deadbyelpy

from the user? everywhere.
from the developer? in RAM, i.e. after each stop of the application, i.e. service, offer authorization
from a hacker? read, an experienced developer is not only a droid, there are no barriers, everything that is locally encrypted is locally decrypted